安装
brew install openssl使用
root@MACdeMBP rem_key # openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Generating a 4096 bit RSA private key
................................................................................................++
.................................++
writing new private key to 'key.pem'
Enter PEM pass phrase: # 这边输入你要设置的密码,比如123456
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN # 国家名称
State or Province Name (full name) []:Shanghai # 省份
Locality Name (eg, city) []:shanghai # 城市
Organization Name (eg, company) []:py # 组织机构
Organizational Unit Name (eg, section) []:py # 机构部门
Common Name (eg, fully qualified host name) []:*.lw.com # 域名
Email Address []:1257974173@qq.com # 邮箱
# 上面操作完成后会在当前目录下生成cert.pem key.pem两个文件
# 生成pubkey.pem文件
root@MACdeMBP rem_key # openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
root@MACdeMBP rem_key # ls
cert.pem key.pem pubkey.pem
# 生成privkey.pem文件,要输入之前设置的密码
root@MACdeMBP rem_key # openssl rsa -in key.pem -out privkey.pem
Enter pass phrase for key.pem:
writing RSA key
# 文件说明
cert.pem 文件包含证书
pubkey.pem 文件包含从证书提取的公钥
key.pem 文件包含RSA私钥,加密的
privkey.pem 文件包含RSA私钥,非加密的使用jwt进行加密解密
import jwt
with open('pubkey.pem') as f:
PUBKEY = f.read()
with open('privkey.pem') as f:
PRIVKEY = f.read()
def create_token(**data):
return jwt.encode(data, PRIVKEY, algorithm='RS512')
def read_token(token):
return jwt.decode(token, PUBKEY, algorithms='RS512')
token = create_token(some='data', inthe='token')
print(token)
# eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoiZGF0YSIsImludGhlIjoidG9rZW4ifQ.WH7pak1eGR7-C_WfHcOma3UpHHQucb5VDR2hcJTaFx80F4ny53ETuIpdWB0tJuW6QvI2F7OBUwJaYzlreV2-e8gUX2mZKoXj99YKmvlOg_mskahLVBmQQwgoIXAqsNiAcHUFG5QeJvN10HLoLVCnvalXyIYI_yEOCU3JXUaSnawKmhgDKA--S0EtGOiV4fxw-S8yGK8W-nLhTwSZqAGpg27fJZcdsv5YaV8LR-ledltqCLEKrYvf-1p28TQLLKHxCFU1cJyYK_zA4jtR_tOa7zrLPaE0iiQpkx16YxoqWEHM4f_nKBIi1Wf9Gvh71DjEdmLOo_4LrXKhsg-OWjoDSc0FoFjJv70GPgF-uBKC-4FmR9N4EzIyAhcDssQuYtJLc0_V0lmd-kw4xjKmNmDSlUIHKyrzm_GnILo23T7BplYeUzDHi1XIwP9qnZuOaN4jkCdfUPDyNouHhFhHb5QypJaWAZIkBIESqTTQeuQVv_K_8CGNPzzNP9AtWrUJjMwen87yNN2X4JbKI_reJblGGTCwhQ5HF5OStpyfGrJwgtKZJVNoE3EQv5RrCxVk6VNUHu33EyDIiN-15FR8PyN6Fc0w-g5_j7TIjGA-ZBnJ_UuDMymuMwUB7sat14Bx7tdQ6sX22fw5xlCH5hx5YJ9viIX8W00N3ePAXaYNXn1VogA
read = read_token(token)
print(read) # {'some': 'data', 'inthe': 'token'}-------------------------------------------
个性签名:代码过万,键盘敲烂!!!